[BlueOnyx:19716] Re: prevent user from sending e-mail in /etc/mail/access

Tigerwolf tigerwolf at tigerden.com
Wed Jun 15 11:30:21 -05 2016


On Wed, 15 Jun 2016, Meaulnes Legler wrote:

> But that user is still sending out tons of mails if I enable it again 
> (unchecking «Suspend» in the GUI), thousands in a couple of hours with 
> subjects like:
> 	Subject:  Warning: could not send message for past 4 hours
> 	Subject:  Returned mail: see transcript for details
> That user must have some virus and I'm afraid that my server will be 
> tagged...

This looks like mail rejection notices your server is trying to send 
*out*, likely because the 'From:' address doesn't exist.

As mentioned by Chuck Tetlow, if this is the case, you need to clean out 
your mqueue directory to get rid of those.  Otherwise, your system may 
keep trying to send each message for up to 5 days.

> I read that I could prevent user from sending e-mail by adding these lines to 
> /etc/mail/access
> 	From:janis at legler.org	REJECT	# Reject user from sending mails
> and restarting sendmail. But /etc/mail/access is pretty much empty:

The 'stock' one will be just the basics.  You can add to it, though.
>
> Can I do so as said above without compromising the mailer?

Be sure to rebuild the database and restart sendmail so it will get the 
changes.

If you're still getting floods coming *INTO* your machine, IP firewalling 
is the most efficient rejection method.  If you let the mail get as far as 
the sendmail process, and reject it there, there's a lot more CPU being 
used up.  Of course, if the IP keeps *changing* a lot, then sendmail can 
catch what gets by the firewall.

Also, a firewall IP block eats up time at the sender's end waiting to 
establish a connection, so it makes them feel more pain as well.

Floods I've seen can take a week to figure out they're not getting through 
and then they usually just move elsewhere.

-- 
=^_^=  Tigerwolf
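
An added example, not part of the original post or of sendmail/BlueOnyx: before cleaning out mqueue as suggested above, it summarises a `mailq`-style listing to confirm the backlog really is outbound bounce notices. The function names, the constructed sample listing, and the assumption that bounces are listed with sender `MAILER-DAEMON` or `<>` belong to this example.

```shell
#!/bin/sh
# Triage a sendmail queue listing read from stdin (format as printed by mailq).

# Print "count sender" for every queued message, busiest sender first.
queue_senders() {
    awk '
        # Entry lines start in column 1 with the queue ID and carry the size
        # in field 2; status and recipient lines are indented and skipped.
        /^[A-Za-z0-9]/ && $2 ~ /^[0-9]+$/ { count[$7]++ }
        END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Print the queue IDs of bounce notices (assumed sender: MAILER-DAEMON or <>).
bounce_ids() {
    awk '/^[A-Za-z0-9]/ && $2 ~ /^[0-9]+$/ &&
         ($7 == "MAILER-DAEMON" || $7 == "<>") {
             id = $1
             sub(/[^A-Za-z0-9]+$/, "", id)   # drop a trailing status flag
             print id
         }'
}

# Constructed sample listing; addresses and queue IDs are made up.
sample_mailq() {
cat <<'EOF'
                /var/spool/mqueue (4 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
u5FF0001000001     2310 Wed Jun 15 09:12 MAILER-DAEMON
                 (Deferred: Connection timed out with mx.example.invalid.)
                                         nobody@example.invalid
u5FF0002000002*    2298 Wed Jun 15 09:13 MAILER-DAEMON
                 (host map: lookup (example.invalid): deferred)
                                         ghost@example.invalid
u5FF0003000003      812 Wed Jun 15 09:20 <user@example.org>
                                         <friend@example.net>
u5FF0004000004     2305 Wed Jun 15 09:31 MAILER-DAEMON
                 (Deferred: Connection refused by mx.example.invalid.)
                                         nobody@example.invalid
EOF
}

sample_mailq | queue_senders
```

On a live server, pipe the real `mailq` output into the same functions instead of `sample_mailq`.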

